Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-19860

Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.

Published

2019-06-07T17:29:00.740

Last Modified

2024-11-21T03:58:42.217

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:P/I:P/A:P

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

6.5

Impact Score

6.4

Weaknesses

Type: Primary
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	broadcom	bcm4335c0_firmware	2012-12-11	Yes
Hardware	broadcom	bcm4335c0	-	No
Operating System	broadcom	bcm43438a1_firmware	2014-06-02	Yes
Hardware	broadcom	bcm43438a1	-	No
Operating System	cypress	cyw20702a1kwfbg_firmware	-	Yes
Hardware	cypress	cyw20702a1kwfbg	-	No
Operating System	cypress	cyw20702a1kwfbgt_firmware	-	Yes
Hardware	cypress	cyw20702a1kwfbgt	-	No
Operating System	cypress	cyw20702b0kwfbg_firmware	-	Yes
Hardware	cypress	cyw20702b0kwfbg	-	No
Operating System	cypress	cyw20702b0kwfbgt_firmware	-	Yes
Hardware	cypress	cyw20702b0kwfbgt	-	No
Operating System	cypress	cyw20703ua1kffb1g_firmware	-	Yes
Hardware	cypress	cyw20703ua1kffb1g	-	No
Operating System	cypress	cyw20703ua1kffb1gt_firmware	-	Yes
Hardware	cypress	cyw20703ua1kffb1gt	-	No
Operating System	cypress	cyw20704ua1kffb1g_firmware	-	Yes
Hardware	cypress	cyw20704ua1kffb1g	-	No
Operating System	cypress	cyw20704ua1kffb1gt_firmware	-	Yes
Hardware	cypress	cyw20704ua1kffb1gt	-	No
Operating System	cypress	cyw20704ua2kffb1g_firmware	-	Yes
Hardware	cypress	cyw20704ua2kffb1g	-	No
Operating System	cypress	cyw20704ua2kffb1gt_firmware	-	Yes
Hardware	cypress	cyw20704ua2kffb1gt	-	No
Operating System	cypress	cyw20705a1kwfbgt_firmware	-	Yes
Hardware	cypress	cyw20705a1kwfbgt	-	No
Operating System	cypress	cyw20705b0kwfbg_firmware	-	Yes
Hardware	cypress	cyw20705b0kwfbg	-	No
Operating System	cypress	cyw20705b0kwfbgt_firmware	-	Yes
Hardware	cypress	cyw20705b0kwfbgt	-	No
Operating System	cypress	cyw20706ua1kffb1g_firmware	-	Yes
Hardware	cypress	cyw20706ua1kffb1g	-	No
Operating System	cypress	cyw20706ua1kffb1gt_firmware	-	Yes
Hardware	cypress	cyw20706ua1kffb1gt	-	No
Operating System	cypress	cyw20706ua1kffb4g_firmware	-	Yes
Hardware	cypress	cyw20706ua1kffb4g	-	No
Operating System	cypress	cyw20706ua2kffb4g_firmware	-	Yes
Hardware	cypress	cyw20706ua2kffb4g	-	No
Operating System	cypress	cyw20706ua2kffb4gt_firmware	-	Yes
Hardware	cypress	cyw20706ua2kffb4gt	-	No
Operating System	cypress	cyw20707a2kubgt_firmware	-	Yes
Hardware	cypress	cyw20707a2kubgt	-	No
Operating System	cypress	cyw20707ua1kffb1g_firmware	-	Yes
Hardware	cypress	cyw20707ua1kffb1g	-	No
Operating System	cypress	cyw20707ua1kffb4g_firmware	-	Yes
Hardware	cypress	cyw20707ua1kffb4g	-	No
Operating System	cypress	cyw20707ua1kffb4gt_firmware	-	Yes
Hardware	cypress	cyw20707ua1kffb4gt	-	No
Operating System	cypress	cyw20707ua2kffb4g_firmware	-	Yes
Hardware	cypress	cyw20707ua2kffb4g	-	No
Operating System	cypress	cyw20707ua2kffb4gt_firmware	-	Yes
Hardware	cypress	cyw20707ua2kffb4gt	-	No
Operating System	cypress	cyw20707va1pkwbgt_firmware	-	Yes
Hardware	cypress	cyw20707va1pkwbgt	-	No
Operating System	cypress	cyw20707va2pkwbgt_firmware	-	Yes
Hardware	cypress	cyw20707va2pkwbgt	-	No
Operating System	cypress	cyw20730a1kfbg_firmware	-	Yes
Hardware	cypress	cyw20730a1kfbg	-	No
Operating System	cypress	cyw20730a1kfbgt_firmware	-	Yes
Hardware	cypress	cyw20730a1kfbgt	-	No
Operating System	cypress	cyw20730a1kml2g_firmware	-	Yes
Hardware	cypress	cyw20730a1kml2g	-	No
Operating System	cypress	cyw20730a1kml2gt_firmware	-	Yes
Hardware	cypress	cyw20730a1kml2gt	-	No
Operating System	cypress	cyw20730a1kmlg_firmware	-	Yes
Hardware	cypress	cyw20730a1kmlg	-	No
Operating System	cypress	cyw20730a1kmlgt_firmware	-	Yes
Hardware	cypress	cyw20730a1kmlgt	-	No
Operating System	cypress	cyw20730a2kfbg_firmware	-	Yes
Hardware	cypress	cyw20730a2kfbg	-	No
Operating System	cypress	cyw20730a2kfbgt_firmware	-	Yes
Hardware	cypress	cyw20730a2kfbgt	-	No
Operating System	cypress	cyw20730a2kml2g_firmware	-	Yes
Hardware	cypress	cyw20730a2kml2g	-	No
Operating System	cypress	cyw20730a2kml2gt_firmware	-	Yes
Hardware	cypress	cyw20730a2kml2gt	-	No
Operating System	cypress	cyw20733a1kfb1gt_firmware	-	Yes
Hardware	cypress	cyw20733a1kfb1gt	-	No
Operating System	cypress	cyw20733a2kfb1g_firmware	-	Yes
Hardware	cypress	cyw20733a2kfb1g	-	No
Operating System	cypress	cyw20733a2kfb1gt_firmware	-	Yes
Hardware	cypress	cyw20733a2kfb1gt	-	No
Operating System	cypress	cyw20733a2kml1g_firmware	-	Yes
Hardware	cypress	cyw20733a2kml1g	-	No
Operating System	cypress	cyw20733a2kml1gt_firmware	-	Yes
Hardware	cypress	cyw20733a2kml1gt	-	No
Operating System	cypress	cyw20733a3kfb1g_firmware	-	Yes
Hardware	cypress	cyw20733a3kfb1g	-	No
Operating System	cypress	cyw20733a3kfb1gt_firmware	-	Yes
Hardware	cypress	cyw20733a3kfb1gt	-	No
Operating System	cypress	cyw20733a3kfb2gt_firmware	-	Yes
Hardware	cypress	cyw20733a3kfb2gt	-	No
Operating System	cypress	cyw20733a3kml1g_firmware	-	Yes
Hardware	cypress	cyw20733a3kml1g	-	No
Operating System	cypress	cyw20733a3kml1gt_firmware	-	Yes
Hardware	cypress	cyw20733a3kml1gt	-	No
Operating System	cypress	cyw20734ua1kffb3g_firmware	-	Yes
Hardware	cypress	cyw20734ua1kffb3g	-	No
Operating System	cypress	cyw20734ua1kffb3gt_firmware	-	Yes
Hardware	cypress	cyw20734ua1kffb3gt	-	No
Operating System	cypress	cyw20734ua2kffb3g_firmware	-	Yes
Hardware	cypress	cyw20734ua2kffb3g	-	No
Operating System	cypress	cyw20734ua2kffb3gt_firmware	-	Yes
Hardware	cypress	cyw20734ua2kffb3gt	-	No
Operating System	cypress	cyw43438kubgt_firmware	-	Yes
Hardware	cypress	cyw43438kubgt	-	No
Operating System	cypress	cyw4343w1kubgt_firmware	-	Yes
Hardware	cypress	cyw4343w1kubgt	-	No
Operating System	cypress	cyw4343wkubgt_firmware	-	Yes
Hardware	cypress	cyw4343wkubgt	-	No
Operating System	cypress	cyw4343wkwbgt_firmware	-	Yes
Hardware	cypress	cyw4343wkwbgt	-	No
Operating System	cypress	cyw4354kkwbgt_firmware	-	Yes
Hardware	cypress	cyw4354kkwbgt	-	No
Operating System	cypress	cyw4354xkubgt_firmware	-	Yes
Hardware	cypress	cyw4354xkubgt	-	No
Operating System	cypress	cyw89071a1cubxgt_firmware	-	Yes
Hardware	cypress	cyw89071a1cubxgt	-	No
Operating System	cypress	cyw89072brfb5g_firmware	-	Yes
Hardware	cypress	cyw89072brfb5g	-	No
Operating System	cypress	cyw89072brfb5gt_firmware	-	Yes
Hardware	cypress	cyw89072brfb5gt	-	No
Operating System	cypress	cyw89335l2cubgt_firmware	-	Yes
Hardware	cypress	cyw89335l2cubgt	-	No
Operating System	cypress	cyw89335lcubgt_firmware	-	Yes
Hardware	cypress	cyw89335lcubgt	-	No

References

http://seclists.org/fulldisclosure/2019/Aug/11 ([email protected])
http://seclists.org/fulldisclosure/2019/Jul/22 ([email protected])
https://seclists.org/bugtraq/2019/Aug/21 ([email protected])
https://source.android.com/security/bulletin/2019-05-01 Third Party Advisory ([email protected])
https://support.apple.com/kb/HT210348 ([email protected])
https://www.broadcom.com/support/resources/product-security-center Vendor Advisory ([email protected])
http://seclists.org/fulldisclosure/2019/Aug/11 (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2019/Jul/22 (af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/bugtraq/2019/Aug/21 (af854a3a-2127-422b-91ae-364da2661108)
https://source.android.com/security/bulletin/2019-05-01 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT210348 (af854a3a-2127-422b-91ae-364da2661108)
https://www.broadcom.com/support/resources/product-security-center Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)